Achive.php Cyber News - The Cyber Shark

Cyber Attack Warning As Hackers Use AI And Gmail In New Campaign

Unlike the deepfake AI-generated cyber attack that so nearly compromised a Gmail account user by impersonating Google support, the newly uncovered CopyRh(ight)adamantys campaign is simultaneously more sophisticated and a lot simpler. Let’s deal with that overly complicated name first: this cyber attack, described as a large-scale phishing campaign by Check Point Software researchers, uses a newly discovered variant of the Rhadamanthys information stealer malware. The attack also uses a false premise of the victim being responsible for copyright infringement violations. The conflation of these two things gives us that awful, pun-laden CopyRh(ight)adamantys label.

The Check Point team has been tracking multiple threat actors utilizing Rhadamanthys information stealer malware, including an Iranian group operating in Israel called Void Manticore and Handala, a hacktivist group linked to it. The newly uncovered campaign is a large-scale phishing operation targeting both individuals and organizations. Rather than a political or nation-state agenda, the Check Point analysis suggests the motivation is purely financial and that the campaign is carried out by a cybercrime operative.

Gmail and AI at the Heart of New Cyber Attack

The Check Point report reveals that the cyber attackers in question are using dedicated Gmail accounts, created solely to distribute emails that impersonate legitimate organizations to claim copyright violations on social media accounts, primarily Facebook. “Using falsified Gmail accounts sending emails from these well-known companies,” Check Point said, “the email addresses and language are customized per each target to inform the victim of their supposed copywriting violation.”

It should come as no surprise that AI capabilities have been leveraged as part of this new cyber-attack campaign. However, according to the researchers, these capabilities are limited to older optical character recognition models, which are using AI automation “to create customized emails and multiple Gmail accounts per target.”

Sergey Shykevich, threat intelligence group manager at Check Point Software, said that the discovery of the CopyRh(ight)adamantys cyber-attack campaign reveals not only the evolving sophistication of cyber threats but also “highlights how cybercriminals are leveraging AI for marketing purposes and use automation to enhance their reach and operational scale.” For security leaders, Shykevich concluded, “it’s a wake-up call to prioritize automation and AI in defense strategies to counteract these globally scaled, financially motivated phishing campaigns.”

Cyber criminals make fake WhatsApp accounts of Goa minister, another MLA

Several top Goa politicians, including ministers, were targeted by cyber fraudsters who created fake WhatsApp accounts in their names. Complaints relating to the attempted fraud have been lodged at multiple police stations and are under investigation at Vasco and Porvorim. Three ministers — Ravi Naik, Mauvin Godinho and Rohan Khaunte — were among the politicians targeted and all three have filed complaints. Among the MLAs, Jeet Arolkar, Nilesh Cabral and Premendra Shet were targeted by the fraudsters. Some of the targeted politicians have issued public notices through social media warning their acquaintances and karyakartas about conmen seeking money through their fake WhatsApp profiles.

Tourism Minister Rohan Khaunte filed a complaint at the Porvorim police station against an unknown person for impersonating him and using his name and photo on WhatsApp to send messages to people to trick them. In his complaint, Khaunte stated that on Thursday at about 2.50 pm, he was informed by his staff that an unknown person had sent him a WhatsApp text pretending to be Rohan Khaunte using his name and picture. Khaunte said he then immediately instructed his staff to check the contact number and other corresponding credentials of the said person. It was noticed that the unknown person had created a business account under his name and had used a photo which was uploaded on the website of the Goa Legislative Assembly to make the WhatsApp contact look authentic.

Khaunte then lodged a complaint against the miscreant for impersonating him and using his name and reputation to send messages to people under Section 319, 204 and 205 of the Bharatiya Nyaya Sanhita (BNS), Section 66D & 66D of IT Act, 2000 and Representation of the People Act, 1951. The minister requested the Porvorim police to register a First Information Report as the incident clearly discloses commission of a serious crime. He has also demanded an immediate investigation by police.

In Vasco, a complaint was filed against an unknown person for allegedly creating a fake WhatsApp account in the name of Transport Minister Mauvin Godinho, in a fraudulent attempt to solicit money. Condemning the fraudulent activities, Godinho said, “It has come to my attention that a false message has been circulated in my name and image on WhatsApp, requesting money through an Amazon Pay e-gift card. This message is fraudulent, and I strongly condemn such malicious activities.” The minister confirmed that an official complaint has been lodged with the police, and an investigation is underway. He also appealed to the public to exercise caution when encountering suspicious requests. “I urge everyone to remain vigilant and not engage with any suspicious requests. Thank you for your cooperation and support,” Godinho added. The incident has raised concerns about online scams targeting public figures and unsuspecting individuals. Police are investigating the case.

84-year-old cyber fraud victim gets Rs 53 lakh refund in Hyderabad

Hyderabad police have helped in refunding Rs 53 lakh to an octogenarian, who lost Rs 2.88 crore to cyber fraudsters. The victim, who was cheated by cyber fraudsters on the pretext of wrongdoing, received the amount on the court’s order. City Cybercrime Police had taken up the investigation after a complaint from an 84-year-old man from Hyderabad. According to Hyderabad Police Commissioner CV Anand, the fraudsters contacted the complainant through a WhatsApp video call, posing as CBI officials. They claimed that he was involved in Rs 68 crore financial fraud and threatened to send him to jail. Frightened over this, the victim on the instructions of fraudsters transferred Rs 2.88 crore to the bank accounts given by them. The Cyber Crime Police registered a case under Sections 66(C), 66(D) of the IT Act, and 308(2), 318(4), 319(2), 336(3), 338, 340(2) of BNS, and investigated the case. The police officials sent notices to the bank officials, followed up with them to freeze the fraudulent amount, and guided the complainant to file a petition in court for the refund of the amount held in the fraudulent accounts to the complainant’s bank account. The Police Commissioner said due to the sincere efforts of staff, the court issued orders to the banks for a refund of the amount. The court directed Axis Bank, Surat to refund Rs 53 lakh and State Bank of India Kerala to refund Rs 50 lakh. On regular follow-up with the bank officials, Rs 53 lakh was transferred today to the complainant’s account, the Police Commissioner said. He cautioned people not to be afraid of threatening calls that they will be arrested. Police will not make such calls and people have to keep in mind that it is only fraudsters who make such calls. Never send money to such fraudsters, block such calls, and lodge an online complaint immediately on the helpline number 1930 or through the National Cybercrime Reporting Portal cybercrime.gov.in, he urged people. 
People have been requested to follow the Hyderabad Cyber Crime Police Station’s social media handles regularly to stay aware of such cyber frauds. If the fraud is reported immediately, there is a possibility of getting a refund of at least part of the lost amount and of any amount that has been ‘put on hold’.

Union Minister Scindia Launches Call Prevention System to Shield Indians from Cyber Criminals

Another step by Department of Telecom (DoT) to protect citizens from cyber frauds

The system identifies and blocks the incoming international calls posing as Indian phone numbers

System identified and blocked about 1.35 crore calls as spoofed calls in last 24 hrs, which are 90% of all the incoming international calls

Shri Jyotiraditya M. Scindia, Minister of Communications and Development of North Eastern Region, today launched the ‘International Incoming Spoofed Calls Prevention System’ in the presence of Minister of State for Communications & Rural Development Dr Pemmasani Chandra Sekhar. The launch ceremony was attended by Secretary Telecom and other senior officers. This is another milestone in DoT’s efforts towards building a safe digital space and protecting citizens from cyber-crime.

Of late, cyber criminals have been committing cyber-crimes by making international spoofed calls displaying Indian mobile numbers (+91-xxxxxxxxx). These calls appear to originate within India but are actually made from abroad by manipulating the calling line identity (CLI), commonly known as the phone number. These spoofed calls have been used for financial scams, impersonating government officials, and creating panic. There have also been cases of cyber-crime threatening disconnection of mobile numbers by DoT/TRAI officials, fake digital arrests, drugs/narcotics in courier, impersonation as police officials, arrest in sex racket etc.

The Department of Telecommunications (DoT) and Telecom Service Providers (TSPs) have collaborated and devised a system to identify and block such incoming international spoofed calls from reaching Indian telecom subscribers. The system was made operational, and it has been observed that within 24 hours of operation about 1.35 crore, or 90% of all the incoming international calls with Indian phone numbers, were identified as spoofed calls and blocked by TSPs from reaching Indian telecom subscribers.

Indian telecom subscribers should see a significant reduction in such spoofed calls with +91-xxxxxxx numbers with implementation of this system. Despite such best efforts, there could be cases where fraudsters succeed through other means. For such calls, you can help by reporting such suspected fraud communications at the Chakshu facility on Sanchar Saathi (www.sancharsaathi.gov.in). The DoT remains committed to proactively combating cybercrime. For those who have already lost money or been victims of cybercrime, please report the incident at the cybercrime helpline number 1930 or website https://www.cybercrime.gov.in

Tamil Nadu Cyber Crime Wing Warns of Online Firecracker Sale Scams Ahead of Diwali

  As the festive season approaches, the Tamil Nadu Cyber Crime Wing has warned the public about a surge in online firecracker sale scams. According to the police, scammers are targeting buyers by exploiting Diwali enthusiasm, with 17 complaints reported between September and October through the National Cyber Crime Reporting Portal. The cybercrime police explained that scammers are using social media platforms to post attractive advertisements offering significant discounts on firecrackers. Victims, eager to capitalise on these deals, contact the fraudsters via WhatsApp or phone calls. Scammers then share links to fake websites, such as www.kannancrackers.in and www.sunrisecrackers.com, designed to appear legitimate but intended to steal money. “These sites often display genuine-looking product catalogues, prices, and payment options,” said the police. “Once payment is made, the victims never receive their ordered products, and the scammers vanish with the money.” The public is also at risk of having their personal and financial information compromised. In response, the police have issued an advisory urging people to verify the authenticity of online sellers, ensuring they have legitimate physical addresses and contact information before making any payments. The advisory also warns against ads that promote unrealistic deals, unusually low prices, or limited-time offers. To stay safe, the public is advised to purchase firecrackers from well-known brands, official websites, or established e-commerce platforms. Additionally, the police have encouraged users to report suspicious ads on social media platforms like Facebook, Instagram, and YouTube to prevent others from falling victim to these scams. Victims of such cyber fraud, or those observing suspicious activities, can report incidents through the helpline number 1930 or via the National Cyber Crime Reporting Portal at www.cybercrime.gov.in.

CERT-In and Master Card India sign MoU for collaboration in cyber security to enhance India’s cyber-resilience in Financial Sector

Two entities will leverage their shared expertise to strengthen financial sector cyber security incident response

Indian Computer Emergency Response Team (CERT-In) is a Government organization under the Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000. CERT-In has joined hands with Master Card to promote cooperation and information sharing in the area of cyber security related to the financial sector.

The two entities have signed a Memorandum of Understanding (MoU) under which they will leverage their shared expertise with regard to the financial sector in the fields of cyber security incident response, capacity building, sharing cyber threat intelligence specific to the financial sector and advanced malware analysis. As part of the mutual understanding, Master Card and CERT-In will hold training programs and workshops for cyber capacity building, latest market trends and best practices to enhance cyber security of financial sector organizations. The two entities will also share relevant cyber threat trends, technical information, threat intelligence, and vulnerability reports to strengthen the financial sector information security of India.

“Cyber security is the need of the hour and Prime Minister Shri Narendra Modi government is committed to ensuring that people on digital platforms are secure, as this warfare is not on the ground but in cyberspace. I am confident that this is an important milestone that will benefit not only both entities but also the public at large,” said Shri Jitin Prasada, Minister of State in the Ministry of Commerce & Industry; and Electronics and Information Technology.

“Master Card’s comprehensive approach to security gives its partners and customers deeper visibility into cyber risk and greater adaptability and resilience, protecting their systems through the latest AI technology. The company is delighted to collaborate with CERT-In to fortify India’s financial digital ecosystem, which has powered unprecedented growth in the country,” said Shri Gautam Aggarwal, Division President, South Asia at Master Card.

About CERT-In: www.cert-in.org.in

CERT-In operates a 24×7 incident response Help Desk for providing timely response to reported cyber security incidents. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services.

About Master Card (NYSE: MA)

Master Card is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Cybercriminals Exploiting Docker API Servers for SRB Miner Crypto Mining Attacks

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. “In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical report published today. “The attacker first checked the availability and version of the Docker API, then proceeds with requests for gRPC/h2c upgrades and gRPC methods to manipulate Docker functionalities.”

It all starts with the attacker conducting a discovery process to check for public-facing Docker API hosts and the availability of HTTP/2 protocol upgrades in order to follow up with a connection upgrade request to the h2c protocol (i.e., HTTP/2 sans TLS encryption). The adversary also proceeds to check for gRPC methods that are designed to carry out various tasks pertaining to managing and operating Docker environments, including those related to health checks, file synchronization, authentication, secrets management, and SSH forwarding. Once the server processes the connection upgrade request, a “/moby.buildkit.v1.Control/Solve” gRPC request is sent to create a container and then use it to mine the XRP cryptocurrency using the SRBMiner payload hosted on GitHub.

The shell script, besides checking and terminating duplicate instances of itself, creates a bash script that, in turn, contains another Base64-encoded payload responsible for downloading a malicious binary that masquerades as a PHP file (“avatar.php”) and delivers a payload named httpd, echoing a report from Aqua earlier this month.

Users are recommended to secure Docker remote API servers by implementing strong access controls and authentication mechanisms to prevent unauthorized access, monitor them for any unusual activities, and implement container security best practices.
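For the monitoring recommendation, the following triage sketch is added here as an example and is not taken from the Trend Micro report: it groups Docker API requests by source and flags the sequence described above (API version probe, h2c upgrade, then the “/moby.buildkit.v1.Control/Solve” call). The JSON log format, field names, trusted-source list and sample records are assumptions constructed for illustration.

```python
import json

# gRPC method named in the report; the log format below is an assumption.
SOLVE_PATH = "/moby.buildkit.v1.Control/Solve"

# Constructed sample: one JSON record per request, as a hypothetical
# reverse proxy in front of the Docker remote API might log them.
# Addresses are documentation/private ranges, not real indicators.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "GET", "path": "/version", "headers": {}}
{"src": "198.51.100.7", "method": "POST", "path": "/grpc", "headers": {"Connection": "Upgrade", "Upgrade": "h2c"}}
{"src": "198.51.100.7", "method": "POST", "path": "/moby.buildkit.v1.Control/Solve", "headers": {"Content-Type": "application/grpc"}}
{"src": "203.0.113.20", "method": "GET", "path": "/v1.43/_ping", "headers": {}}
{"src": "10.0.0.5", "method": "POST", "path": "/session", "headers": {"Upgrade": "h2c"}}
{"src": "10.0.0.5", "method": "GET", "path": "/v1.43/containers/json", "headers": {}}
"""


def classify(rec):
    """Map one request record to a stage of the described sequence, or None."""
    headers = {k.lower(): str(v).lower() for k, v in rec.get("headers", {}).items()}
    path = rec.get("path", "")
    if path == SOLVE_PATH:
        return "buildkit_solve"
    # Upgrade may carry several comma-separated protocol tokens.
    if "h2c" in [t.strip() for t in headers.get("upgrade", "").split(",")]:
        return "h2c_upgrade"
    # Availability/version checks, with or without an API version prefix.
    leaf = path.rstrip("/").rsplit("/", 1)[-1]
    if rec.get("method") in ("GET", "HEAD") and leaf in ("version", "_ping"):
        return "api_probe"
    return None


def stages_by_source(lines, trusted=()):
    """Return {source: [stages in first-seen order]} for untrusted sources."""
    seen = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        src = rec.get("src")
        # Legitimate build clients may also upgrade to h2c, so known
        # administrative hosts are excluded rather than alerted on.
        if src in trusted:
            continue
        stage = classify(rec)
        if stage and stage not in seen.setdefault(src, []):
            seen[src].append(stage)
    return seen


def triage(lines, trusted=()):
    """Rank each source by the furthest stage it reached."""
    verdicts = {}
    for src, stages in stages_by_source(lines, trusted).items():
        if "buildkit_solve" in stages:
            verdicts[src] = "alert"
        elif "h2c_upgrade" in stages:
            verdicts[src] = "investigate"
        else:
            verdicts[src] = "probe"
    return verdicts


if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG.splitlines(), trusted={"10.0.0.5"}).items():
        print(src, verdict)
```

Any hit from an address outside the administrative network also means the API is reachable where it should not be, which is the access-control problem the recommendation addresses.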

Empowering Students Against Cyber Threats: GCOE Hosts Awareness Program

Srinagar, 17 October: An awareness programme on cyber threats, focusing on cybercrime and cyber security, was organised today by the NSS Unit of Government College of Education (GCOE) at MA Road, Srinagar. The event featured Mohd Yaseen Kichloo (IPS), Senior Superintendent of Police at the Cyber Crime Investigation Centre for Excellence, Jammu and Kashmir, as the guest speaker. He was accompanied by Faisal Ahmad, Station House Officer of the Crime Branch, Srinagar. The program aimed to educate students about the various forms of cyber threats and the importance of cyber security in today’s digital age. Attendees engaged in discussions about prevention strategies and the significance of reporting cybercrime incidents. This initiative reflects the college’s commitment to raising awareness about critical issues affecting the community and empowering students with knowledge to navigate the digital landscape safely. SSP Kichloo delivered an enlightening presentation that covered a wide array of cyber threats and crimes, including hacking and cracking techniques, phishing and its various forms, whisking and pharming attacks, email bombing and its implications, the intricacies of salami attacks, steganography and its uses in cybercrime, skimming and its impact on financial security, vishing (voice phishing) tactics, and the dangers of pornography in the digital space. The guest speaker also highlighted essential preventive measures for each of these cyber threats, equipping students with practical strategies to protect their digital presence effectively. The awareness program was skilfully moderated by Professor Lateef, ensuring a smooth flow of information and engaging dialogue between the speakers and the audience. Dr. Nazir Ahmad Bhat delivered a warm welcome address that set the tone for the importance of the day’s topic. Students and faculty actively participated in the session, asking pertinent questions and sharing their concerns about cyber security. 
The program’s interactive nature fostered a deeper understanding of the subject matter. Professor Abdul Gani Kumar delivered the vote of thanks, expressing gratitude to the esteemed guests for their valuable time and insights. He also thanked the NSS Units for organizing such an important event in today’s digital world.

Bengaluru Cyber Fraud Unveiled: Bank Officials Arrested in Rs 97 Crore Scam

The investigation into the online share trading fraud in Bengaluru, in which a man was cheated of Rs 1.52 crore, has led to the discovery of six bank accounts linked to 254 similar cyber-crimes registered with the National Cybercrime Reporting Portal (NCRP) and involving Rs 97 crore of fund transfers. The probe into the cybercrime case, which was registered by the Bengaluru police on July 1 this year, has also led to the arrest of four officials of an Axis Bank branch in Bengaluru, including a manager, on charges of facilitating the opening of six current accounts without verifications and checks for the facilitation of the fraud. This is the first time bank officials have been arrested for a cybercrime in Bengaluru.

The arrested bank officials have been identified as Kishore Sahu, a manager of the Axis Bank Nagarbhavi branch, B Manohar, a sales manager, and sales executives Karthik and Rakesh. The police have also arrested Lakshmikanth, Raghu Raj, Kengegowda, and Mala, who opened mule accounts at the Axis Bank branch for the transfer of funds defrauded from victims who wanted to make big money through online share trading. The main operators of the cyber fraud, who contacted victims online and received money defrauded from the victims, are still at large and efforts are underway to track them down, police sources said. Some of the accused are suspected to be in a foreign country, the sources added.

Online share trading fraud case

On July 1, the 52-year-old man filed a complaint with the cyber-crime police station in Bengaluru stating that he had been cheated of Rs 1.52 crore between March 2024 and June 2024 by cyber fraudsters who promised to provide big returns through a VIP online share trading tips and management application. The victim said he was contacted on WhatsApp by a woman who claimed that her associate was a professor and had good knowledge about share trading and analysis and that he could help him make money. The victim was included in a group with over 110 members. He also downloaded a trading app indicated on the online group.

According to the police complaint, the victim transferred Rs 1.52 crore from multiple accounts to the trading account created at the instance of online acquaintances between April and May 2024. In June, his account showed returns of Rs 28 crore and the victim sought to encash the returns but was told to pay Rs 75 lakh to access the money, and this led to suspicion of cheating and the filing of the police complaint.

Suspicious bank accounts

When the police began their probe into the case, they found the money given by the victim was primarily transferred to two Axis Bank accounts in Bengaluru. “When we conducted investigations at the bank, we found that apart from the two accounts linked to the crime, four other similar accounts were opened at the bank on the same day,” said a police source. The police found that the suspicious bank accounts at the Axis Bank branch were opened by those who lived in Chikamagalur, which is nearly 300 km away from Bengaluru.

“The business accounts were allowed to be opened at the bank without proper verification. The bank accounts used for the frauds were possibly allowed to be opened by the bank officials on the basis of commissions promised by the operators of the scam,” said B Dayananda, Commissioner, Bengaluru police, after the arrest of the bank officials and the mule account holders this week.

The police have also found that the bank executives travelled to a resort outside Bengaluru under the pretext of verification of the biometrics of the account holders even though accounts could have been referred to be opened in the region where the account holders lived. “All the accounts that were opened were current accounts. Several crores of funds travelled through these accounts but no intimation was given to law enforcement agencies. There was a possibility of freezing over Rs 40 crore after being alerted of the accounts being used for fraudulent activities,” a cybercrime official said.